Not authorized to access authoring site locally
I'm having a very weird problem. I have MOSS w. SP2 setup on a VPC in its own farm. When I create a new blank site via the GUI and then try to access it locally (from the VPC), I get challenged and then it denies me access. If I access the same site from another machine (like my host PC), it works just fine. I'm having the same problem with my Shared Service Provider site.
Any idea what could be causing the problem? My event logs show security failures like this:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 4/29/2009
Time: 9:35:25 AM
User: NT AUTHORITY\SYSTEM
Computer: PSCMUELLEEBEM
Description:
Logon Failure:
Reason: An error occurred during logon
User Name: ed.mueller
Domain: hdc
Logon Type: 3
Logon Process: Èù®
Authentication Package: NTLM
Workstation Name: PSCMUELLEEBEM
Status code: 0xC000006D
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 1358
(Yes, I'm providing the correct password). We used a domain account to setup MOSS and run all the services and app. pools and it fails even when I try logging on with that account.
Thanks for your help.
- Ed.- 已編輯Mike Walsh MVPMVP, 版主2009年4月29日 下午 03:05Help! removed from the Title. Titles are for a short problem description. That's all.
解答
- Please make the following registry change and let us know if the problem still exists:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart your computer.
Thanks,
Prashanth- 已標示為解答Ed_M 2009年5月1日 下午 06:21
- 已取消提議為解答Mike Walsh MVPMVP, 版主2009年5月1日 下午 02:27
- 已提議為解答V284 2009年5月1日 上午 11:40
所有回覆
- I guess it is something related to permissions. Can you please give more details regarding the following.-> What account were you using when trying to connect from a remote machine? Are you using the domain account to access the sharepoint site ?->From the local machine, Are you using the domain account or Sharepoint Admin account ?Also, if you are using Farm administrators account , add farm administrator to site collection administrator group of the sharepoint site to access the sharepoint site locally.ThanksV
- All accounts are domain accounts. I tried adding the farm domain account to site collection admins. but that had no effect. My personal account is setup as a site collection admin.; neither account has access when used on the VPC; both work when I try from my host machine, which is in the same domain as the VPC. In IE, both show the zone as Local Intranet.
When I trace both with Fiddler, the one that works has:
Cookie: MSOWebPartPage_AnonymousAccessCookie=80; WSS_KeepSessionAuthenticated=80
Authorization: NTLM TlRM...
The one that doesn't work is missing the two cookies; I don't know why or if that's relevant. - Please make the following registry change and let us know if the problem still exists:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- Right-click Lsa, point to New, and then click DWORD Value.
- Type DisableLoopbackCheck, and then press ENTER.
- Right-click DisableLoopbackCheck, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Quit Registry Editor, and then restart your computer.
Thanks,
Prashanth- 已標示為解答Ed_M 2009年5月1日 下午 06:21
- 已取消提議為解答Mike Walsh MVPMVP, 版主2009年5月1日 下午 02:27
- 已提議為解答V284 2009年5月1日 上午 11:40
- I'm sorry, I forgot to mention that I had done this a while back and have rebooted several times since then. No effect.
- Ed,Can you tell me if you are using any alternate access mapping for the url? What type of authentication are you using? Are you using NTLM or kereberos ?
- Security is NTLM only. No alt. access mappings. My VPC has IE7.
- Can you add your url that you are having problem in the IIS hostheaders. The solution given by Prashanth should have solved the issue. I had the same problem in our server, and it did solve the issue.V
- The URL IS in the IIS host header of the site. I setup host headers for it and my SSP to run on port 80 (e.g., sharedservices1.hdc.net).
- This sounds a lot like a problem I am having too.
On all of my production web servers, I cannot browse to my SharePoint site, but I can from a client computer. The same is true for my development machines. On dev, I have SP2 installed for testing. I do not have SP2 on production.
I have only noticed this problem for the last few weeks. Before that there was no problem. Because I have multiple servers and environments affected, I am leaning towards some OS patch that was applied to all of my servers, but I haven't had a chance to look into it any further.
Michael Ruberg - www.landofsharepoint.com - Ok, it looks like the culprit is KB963027. I removed it from my dev server and now I can browse to my local SharePoint site from the server.
Michael Ruberg - www.landofsharepoint.com - Could be. I removed DisableLoopbackCheck from the registry and rebooted. Still didn't work, so I re-added it and rebooted. Now it works! So, the only logical explanation is...the machine's possessed. I hope it just stays fixed. Thanks to everyone for their help.
